<?php
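session_start();
include "library.php";

//If user has not logged in, send to login page.
//header() only queues the Location response header; it does not stop the script.
//Without the exit, everything below (including the upload handler) would still
//execute for a request that carries no authenticated session.

if(!isset($_SESSION["username"])){
  header("Location:login.php");
  exit;
}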

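//If user presses logout, clear session and redirect.
//Execution must stop after the redirect: the session has just been emptied, so the
//checks and the upload handler further down must not run for this request.

if(isset($_POST["logout"])){
  session_unset();
  session_destroy();
  header("Location:home.php");
  exit;
}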

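//Users whose session "position" equals 1 may not use this page; send them to members.php.
//NOTE(review): the earlier comments disagreed ("If not admin, redirect" vs. "Admin not
//allowed to use this function") - confirm which role position 1 denotes.
//The exit makes the redirect an actual access-control decision; header() alone lets the
//rest of the page run.

if(isset($_SESSION["position"]) && $_SESSION["position"] == 1){
  header("Location:members.php");
  exit;
}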

//Print header
//print_header() is not defined in this file (presumably library.php - confirm). It receives
//the session's position value and the constant 6; the meaning of 6 is not visible here.
print_header($_SESSION["position"], 6);

//NOTE(review): the connection parameters are hard-coded in a web-served file and the last
//argument is an empty string. If that argument is the password (confirm against
//connectSQLServer() in library.php) the database account has no password. Either way,
//credentials belong in configuration kept outside the document root.
$pwdb = connectSQLServer("wendlc_teamsci","sdd","");
//NOTE(review): the return value of mysql_select_db() is ignored, so a failed selection only
//surfaces later as query errors. The mysql_* extension was removed in PHP 7.0; moving to
//mysqli or PDO with prepared statements would replace the manual escaping used below.
mysql_select_db("wendlc_TeamSci");

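//If the user has pressed the submit button, store file onto server, enter relevant data into File Database
//
//Security notes:
// - The upload directory is under public_html, so a stored file can be requested directly.
//   Hidden files and script extensions are rejected below, but a blocklist is only a
//   backstop: prefer an allowlist of the document types the team shares, and configure the
//   web server so nothing in this directory is executed (or store uploads outside the
//   document root and serve them through a download script).
// - The form on this page carries no anti-CSRF token; consider adding one.
// - The name stored in the database is the HTML-encoded form (htmlspecialchars), as before,
//   while the name used on disk is the plain basename. Paths must always be built from the
//   on-disk name.

if(isset($_POST["add1"])){

  //Only continue when PHP confirms the temp file really came from an HTTP upload

  if(isset($_FILES["myFile"]) && is_uploaded_file($_FILES["myFile"]['tmp_name'])) {

    $uploadDir = "/home2/wendlc/public_html/TEAMSCI/Files/";

    //The client chooses the "name" field, so reduce it to its final path component
    //before it is used in any filesystem path

    $safeName = basename($_FILES["myFile"]['name']);
    $targetPath = $uploadDir.$safeName;

    //Determine file extension (a name without a dot has no 'extension' key)

    $path_parts = pathinfo($safeName);
    $extension = isset($path_parts['extension']) ? $path_parts['extension'] : '';

    //Reject empty names, dot-files (per-directory server configuration files) and any name
    //with a script extension in any position, since some server configurations honour an
    //inner extension as well as the last one

    $blockedExtensions = array('php','php3','php4','php5','php7','phtml','pht','phar','phps','cgi','pl','py','sh','shtml');
    $nameAllowed = ($safeName !== '' && $safeName[0] !== '.');
    foreach(explode('.', strtolower($safeName)) as $index => $segment){
      if($index > 0 && in_array(trim($segment), $blockedExtensions, true)){
        $nameAllowed = false;
      }
    }

    if(!$nameAllowed){
      echo "This file name or file type is not allowed.<BR><BR>";
    } else {

      //Ensure that the file is not already in the database.
      //$storedName is the form kept in the Files table (HTML-encoded, slashes stripped).

      $storedName = stripslashes(htmlspecialchars($safeName));
      $query = sprintf("SELECT * FROM Files WHERE Name = '%s'",
        mysql_real_escape_string($storedName, $pwdb));
      $query_results = dbquery($query);

      //If no file exists with the same name

      if(mysql_num_rows($query_results) == 0){

        //Save the upload; record it in the database only if the move succeeded

        if(move_uploaded_file($_FILES["myFile"]['tmp_name'], $targetPath)){

          //Retrieve user data so it can be stored with the file information

          $queryUser = sprintf("SELECT UserNum FROM Users WHERE UserID = '%s'",
            mysql_real_escape_string(stripslashes(htmlspecialchars($_SESSION["username"])), $pwdb));
          $qUserOb = dbquery($queryUser);
          $resultsUser = mysql_fetch_object($qUserOb);
          $userNum = $resultsUser ? $resultsUser->UserNum : '';

          //Tags are optional free text; ignore anything that is not a plain string

          $tags = (isset($_POST["tags"]) && is_string($_POST["tags"])) ? $_POST["tags"] : '';

          //Store needed file data in database.
          //filesize() reads the path the file was actually moved to; the HTML-encoded
          //name is not a valid path when the name contains &, <, > or quotes.

          $queryFileInfo = sprintf("INSERT INTO Files (Name, Tag, User, Time, FileType, FileSize) VALUES ('%s','%s','%s','%s','%s','%s')",
            mysql_real_escape_string($storedName, $pwdb),
            mysql_real_escape_string(stripslashes(htmlspecialchars($tags)), $pwdb),
            mysql_real_escape_string(htmlspecialchars($userNum), $pwdb),
            mysql_real_escape_string(time(), $pwdb),
            mysql_real_escape_string(htmlspecialchars($extension), $pwdb),
            mysql_real_escape_string(filesize($targetPath), $pwdb));
          dbquery($queryFileInfo);

          //Go to File Upload Result Page
          //The file name is kept in the session for DetailView.php; the page header has
          //already been printed, so the redirect is done client-side

          $_SESSION["file_name"] = htmlspecialchars($safeName);
          echo "<script>location.href='DetailView.php'</script>";
        } else {
          echo "The file could not be saved, please try again.<BR><BR>";
        }
      } else { //File already exists
        $_SESSION["file_name"] = htmlspecialchars($safeName);
        echo "File Already exists, please rename if you still want to upload. <a href=\"/TEAMSCI/DetailView.php\">Orig. File</a><BR><BR>";
      }
    }
  }
}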
?>
<BR>
Please be patient as this process may take a while.<BR><BR>
<form method = 'post' enctype = 'multipart/form-data'>
<INPUT TYPE = "file" NAME = "myFile"><BR><BR>
Insert Tags here<BR>
<textarea name = "tags" cols = "40" rows = "4" MAXLENGTH = 2000></textarea><BR><BR> 
<input type = 'submit' name = 'add1' value = 'Submit' /><br />
</form>

<?php
//Close the page layout. print_footer() is not defined in this file (presumably
//library.php - confirm); it runs on every request that reaches the end of the script.
print_footer();
?>

